VYPR

Db2 Recovery Expert for Linux, UNIX and Windows

by IBM

CVEs (150)

  • CVE-2023-27859 | Med | Jan 22, 2024
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another…

  • CVE-2023-50308 | Med | Jan 22, 2024
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393.

  • CVE-2023-47701 | Med | Dec 4, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166.

  • CVE-2023-45178 | Med | Dec 3, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used. IBM X-Force ID: 268073.

  • CVE-2022-35637 | Med | Sep 13, 2022
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823.

  • CVE-2022-22483 | Med | Sep 13, 2022
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979.

  • CVE-2022-22389 | Med | Jun 24, 2022
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740.

  • CVE-2021-38931 | Med | Dec 9, 2021
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418.

  • CVE-2021-29777 | Med | Jun 24, 2021
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under the specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of service. IBM X-Force ID: 203031.

  • CVE-2021-20579 | Med | Jun 24, 2021
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFERRED_FORCE. IBM X-Force ID: 199283.

  • CVE-2020-4200 | Med | Feb 19, 2020
    risk 0.42 | cvss 6.5 | epss 0.02

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to send specially crafted commands to cause a denial of service. IBM X-Force ID: 174914.

  • CVE-2020-4161 | Med | Feb 19, 2020
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands. IBM X-Force ID: 174341.

  • CVE-2019-4386 | Med | Jul 1, 2019
    risk 0.42 | cvss 6.5 | epss 0.02

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714.

  • CVE-2023-27869 | Med | Jul 10, 2023
    risk 0.41 | cvss 6.3 | epss 0.01

    IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property,…

  • CVE-2023-27868 | Med | Jul 10, 2023
    risk 0.41 | cvss 6.3 | epss 0.01

    IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially crafted request…

  • CVE-2023-27867 | Med | Jul 10, 2023
    risk 0.41 | cvss 6.3 | epss 0.01

    IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. By sending a specially crafted request using the property clientRerouteServerListJNDIName, an attacker could…

  • CVE-2024-25030 | Med | Apr 3, 2024
    risk 0.40 | cvss 6.2 | epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281677.

  • CVE-2022-43930 | Med | Feb 17, 2023
    risk 0.40 | cvss 6.2 | epss 0.00

    IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677.

  • CVE-2018-1799 | Med | Nov 9, 2018
    risk 0.40 | cvss 6.2 | epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database. IBM X-Force ID: 149429.

  • CVE-2018-1428 | Med | Mar 22, 2018
    risk 0.40 | cvss 6.2 | epss 0.00

    IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073.
